You are here: CLASSE Wiki>Computing Web>ClasseVPN (18 Apr 2024, JamesPulver)Edit Attach
Tags

CLASSE VPN

*NOTE*: The steps for "Enrolling in Duo" and "VPN Setup" only need to be done once.

Setup and Configuration

You must enroll with CLASSE Duo, even if you already use Duo for Cornell central services.

1. Enroll in CLASSE Duo (Required)

This step must be completed before you can install the VPN client and only needs to be done once.
Please see CLASSEDuo for instructions.

2. Install Pritunl VPN Client (personal non-Linux devices only)

CLASSE-managed computers: Pritunl is already installed. Please skip to VPN Setup
  1. Browse to PriTunl to download and install the appropriate client version:
    • For Intel macs, download macOS Intel (Click on the green "Download Intel Pkg")
    • For M1 Macs, download macOS Apple Silicon (Click on the green "Download ARM Pkg")
    • For Windows, download the Windows install (Click on the green "Download Installer")

3. VPN Setup

You must complete the Enroll in CLASSE Duo steps above before proceeding.

Log in to Pritunl WebUI

  1. Browse to https://vpn.classe.cornell.edu/login
  2. Log in with your CLASSE username.
  3. Complete the Duo two-step authentication. You will receive a request titled "Key: CLASSE VPN". The request will expire after 60 seconds.
    • If you have multiple devices registered in Duo, Pritunl will not prompt for the device to use--it will try the first device in Duo device management. If that device is a phone, the login may timeout before it tries the second device. Connecting to Pritunl you should plan on having your first listed device nearby.
    • Device order can be rearranged in the Duo device manager.

Configure CLASSE VPN Profile

  1. Copy the "Profile URI Link:" from VPN webpage
  2. Start Pritunl on your computer.
  3. Click on "Import Profile URI".
  4. Paste the "Profile URI Link:" that you copied above.
  5. Click on "Import".
    • If you get an error message that says "Failed to load profile uri (Not Found)", then your temporary profile has timed out.
      Start over again at https://vpn.classe.cornell.edu/login

4. Connecting to the CLASSE VPN

  1. Start the Pritunl app.
  2. Click on the hamburger button (the three horizontal lines) next to your new profile and choose “Connect”
    PritunlMenu.jpg
    PritunlSelections.jpg
  3. Enter your CLASSE password.
  4. Complete the Duo two-step authentication. (You will receive a request titled "CLASSE VPN". The request will expire after 60 seconds.)

Pritunl Client Config

  1. Beneath the "Connect" button for your VPN connection in Pritunl, you may notice an "Autostart Off" setting. We recommend leaving this off (the default), to avoid spurious Duo prompts.

Linux VPN Configuration

For Linux, we recommend using Network Manager.

VPN Setup (Linux)

  1. Install the "NetworkManager", "NetworkManager-openvpn","NetworkManager-openvpn-gnome", and "network-manager-applet" packages for your distribution.
  2. Browse to https://vpn.classe.cornell.edu/login
  3. Login with your CLASSE Userid
  4. Complete the Duo two-step athenticaion. (you will receive a request titled "Key: CLASSE VPN". The request will expire after 60 seconds)
  5. Click on "Download Profiles (zip)"
  6. Unzip the zip file downloaded above.
  7. Edit the .ovpn file unzipped above, and change line 46 to: 
    remote 128.84.44.59 1194 tcp
  8. open a terminal, and type 
    nmcli connection import type openvpn file CLASSE_profileName_VPN1.ovpn
    (replacing "CLASSE_profileName_VPN1.ovpn" with the name of your .ovpn file).

Connecting to the CLASSE VPN

  1. Click on the "Networking" icon in the upper-right corner of your screen.
    linux_networking.png
  2. Mouse-over "VPN Connections" and click on the "CLASSE_" VPN connection you created above to connect or disconnect from the CLASSE VPN.

Troubleshooting

  1. If you find network manager timing out before completing the connection, try increasing the vpn.timeout setting.
  2. If you find you are unable to make connections outside of CLASSE after connecting to our VPN, check "Use this connection only for resources on its network" in the GUI. Alternatively, open a terminal window and type the following commands (replacing "$name" with the name of your VPN connection, as seen using "nmcli con"): 
nmcli connection modify $name ipv4.never-default true
nmcli connection modify $name ipv6.never-default true

Edit  | Attach | Print version | History: r50 < r49 < r48 < r47 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r50 - 18 Apr 2024, JamesPulver
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding CLASSE Wiki? Send feedback